OpenFISMA System Inventory: Import Plugin for Nmap

Josh Boyd

joshua.boyd@endeavorsystems.com

July 15, 2010

c (c) 2009 Endeavor Systems, Inc., http://opensma.org/content/license

1 Functional Specication
1.1 Background
The Nmap import plugin takes an Nmap XML le and creates appropriate assets and
products in OpenFISMA.

1.2 Links
Vendor Website1

1.3 XML Format

Field Description Example

host Container for scanned host <host>...</host>
status Status of scanned host <status state="down"
reason="no-response"/>
address IP of scanned host <address addr="192.168.0.1"
addrtype="ipv4" />
port Port information of scanned host <port protocol="tcp"
portid="21">...</port>
state State of port <state state="open" reason="syn-ack"
reason_ttl="0"/>
service Service information for port <service name="ssh" product="OpenSSH"
version="5.1p1 Debian 5ubuntu1"
extrainfo="protocol 2.0" ostype="Linux"i
method="probed" conf="10" />

1
2. TECHNICAL SPECIFICATION 2

Physical Name Logical Name Mapping Rule

asset Asset Check to see if a corresponding asset already
exists by comparing the Network, IP Address,
and Port of this asset to all existing assets. If
the asset exists, then do not modify it and do
not create a new one.
asset.networkId Network Specied by user immediately before uploading
the le.
asset.addressIp Asset IP Address Parse the IP Address from the le <address>
attribute.
asset.addressPort Asset Port Parse the port from the le <port> attibute.
asset.createdTs Creation Timestamp System date
asset.source Source Constant: `SCAN'
product Product Check to see if a corresponding product already
exists by comparing the vendor, name, version
of the product to all existing products. If the
product exists, then do not modify it and do
not create a new one.
product.name Name Parse the name from the le <service> at-
tribute, using product + version if available,
and name if not.
product.version Version Parse the version from the le's <version> at-
tribute, if available.

1.4 Mapping Rules

2 Technical Specication
OFJ-62

2.1 Classes
• What classes will be added, modied, deleted or involved?
 Fisma_Import_Factory
 Fisma_Import_Abstract
 Fisma_Import_Nmap

2.2 Test cases

User stories
1. If the user does not select a le to import from, the plugin should return an error
message.
1 http://nmap.org/
2 http://jira.opensma.org/browse/OFJ-6
2. TECHNICAL SPECIFICATION 3

2. If the user uploads a le in an invalid format to import from, the plugin should return
an error message.
3. If the user uploads a valid le, the plugin should import and return a success message.
4. If the user uploads a valid le which has assets or products that already exist in the
database, the duplicates will be suppressed.
5. If the user does not select a system to import into, the plugin should return an error
message.
6. If the user does not select a network to import into, the plugin should return an error
message.
7. If the user does not have the appropriate permissions to import assets or products,
the plugin should return an error message.